SSO OAuth state parameter

Queso Oveja
Altsgamer Inc.
#1 - 2016-09-03 21:35:44 UTC
Hello,

As mentioned, for example, here, the redirecting URL could include the parameter state, which should be passed back to the developer's site.


Quote:
Example URL: https://login.eveonline.com/oauth/authorize/?response_type=code&redirect_uri=https%3A%2F%2F3rdpartysite.com%2Fcallback&client_id=3rdpartyClientId&scope=characterContactsRead%20characterContactsWrite&state=uniquestate123

The user will need to log into their EVE Online account and select the character that your web site will be given access to. If the user is already logged in with an EVE Online account, they will just need to select a character and approve the required scopes.

The SSO will redirect the user back to the provided callback URL with an authorization code and the state as query string parameters.

Example URL: https://3rdpartysite.com/callback?code=gEyuYF_rf...ofM0&state=uniquestate123


I was trying hard to pass something with this parameter, but all I receive is just the authorization code, and the state parameter is completely missing, i.e. there is nothing containing the "&state=" substring in the URL.

What could be the reason for that?

Thank you in advance.
Steve Ronuken
Fuzzwork Enterprises
Vote Steve Ronuken for CSM
#2 - 2016-09-05 12:04:22 UTC
That's weird. Because I get one back on mine (if it doesn't match, I reject the auth.)

Are you _sure_ it's not coming back?

Woo! CSM XI!

Fuzzwork Enterprises

Twitter: @fuzzysteve on Twitter
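
The check described in the reply above (reject the login when the returned state does not match), as an added example that is not part of the original thread or of any poster's site code. The endpoint, client ID and callback URL come from the quoted documentation example; the `session` dict standing in for server-side session storage and the function names are assumptions.

```python
import hmac
import secrets
from urllib.parse import urlencode, parse_qs, quote

# Authorize endpoint as shown in the quoted documentation example.
AUTHORIZE_URL = "https://login.eveonline.com/oauth/authorize/"

def build_authorize_url(session, client_id, redirect_uri, scope):
    """Create a fresh unguessable state, store it server-side, return the login URL."""
    state = secrets.token_urlsafe(32)
    session["oauth_state"] = state  # `session` is a stand-in for real session storage
    params = {
        "response_type": "code",
        "redirect_uri": redirect_uri,
        "client_id": client_id,
        "scope": scope,
        "state": state,
    }
    # quote_via=quote encodes the space in the scope list as %20, as in the docs.
    return AUTHORIZE_URL + "?" + urlencode(params, quote_via=quote)

def _single(params, name):
    """Return the value only if the parameter appears exactly once."""
    values = params.get(name, [])
    return values[0] if len(values) == 1 else None

def handle_callback(session, query_string):
    """Return the authorization code only if the returned state matches the stored one."""
    # pop() makes the state single-use: it is consumed even when the check fails.
    expected = session.pop("oauth_state", None)
    params = parse_qs(query_string)
    returned = _single(params, "state")
    code = _single(params, "code")
    if expected is None or returned is None:
        # Covers the symptom in this thread: a callback carrying code= but no state=.
        raise ValueError("missing state")
    # Constant-time comparison of the stored and returned values.
    if not hmac.compare_digest(expected.encode(), returned.encode()):
        raise ValueError("state mismatch")
    if code is None:
        raise ValueError("missing code")
    return code
```

A callback without `state=`, such as one replayed from a cached earlier request, is rejected here rather than exchanged for a token.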

Queso Oveja
Altsgamer Inc.
#3 - 2016-09-05 12:49:55 UTC
Steve Ronuken wrote:
That's weird. Because I get one back on mine (if it doesn't match, I reject the auth.)

Are you _sure_ it's not coming back?


I guess so. I print $ENV{'QUERY_STRING'} right at the beginning of the script, it has "code=...", but no "state=...". And I am sure I have state set in the request to login.eveonline.com/oauth/authorize.

But it's good to know that it does work for you. Will need to investigate all that again.
Queso Oveja
Altsgamer Inc.
#4 - 2016-09-05 12:59:49 UTC
Steve Ronuken wrote:
That's weird. Because I get one back on mine (if it doesn't match, I reject the auth.)

Are you _sure_ it's not coming back?


You were right, sorry. The problem was with the browser cache - I used to set up the "state" property after I debugged everything else and did not clear it. Thank you, now it is all fixed.
Steve Ronuken
Fuzzwork Enterprises
Vote Steve Ronuken for CSM
#5 - 2016-09-05 17:11:39 UTC
That's why I said :D

Good to know it's working for you.

Woo! CSM XI!

Fuzzwork Enterprises

Twitter: @fuzzysteve on Twitter